Add SSLConfig object to IceServer.

This is a rollforward of https://webrtc-review.googlesource.com/c/src/+/96020, with the addition of setting the old tlsCertPolicy, tlsAlpnProtocols and tlsEllipticCurves in the RTCIceServer initializer, for backwards compatibility. Bug: webrtc:9662 Change-Id: I28706ed4ff5abe3f7f913f105779f0e5412aeac5 Reviewed-on: https://webrtc-review.googlesource.com/98762 Commit-Queue: Diogo Real <diogor@google.com> Reviewed-by: Sami Kalliomäki <sakal@webrtc.org> Reviewed-by: Kári Helgason <kthelgason@webrtc.org> Reviewed-by: Steve Anton <steveanton@webrtc.org> Reviewed-by: Qingsi Wang <qingsi@webrtc.org> Cr-Commit-Position: refs/heads/master@{#24696}
2018-09-11 16:00:22 -07:00
parent e0c8b230e7
commit 4f085434b9
31 changed files with 1093 additions and 183 deletions
--- a/pc/iceserverparsing.cc
+++ b/pc/iceserverparsing.cc
@ -14,6 +14,7 @@
 #include <string>

 #include "rtc_base/arraysize.h"
+#include "rtc_base/ssladapter.h"

 namespace webrtc {

@ -254,13 +255,22 @@ static RTCErrorType ParseIceServerUrl(
      }
      cricket::RelayServerConfig config = cricket::RelayServerConfig(
          socket_address, username, server.password, turn_transport_type);
+
+      config.ssl_config = server.ssl_config;
+
      if (server.tls_cert_policy ==
          PeerConnectionInterface::kTlsCertPolicyInsecureNoCheck) {
-        config.tls_cert_policy =
-            cricket::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK;
+        config.ssl_config.tls_cert_policy =
+            rtc::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK;
+      }
+      if (!server.ssl_config.tls_alpn_protocols.has_value() &&
+          !server.tls_alpn_protocols.empty()) {
+        config.ssl_config.tls_alpn_protocols = server.tls_alpn_protocols;
+      }
+      if (!server.ssl_config.tls_elliptic_curves.has_value() &&
+          !server.tls_elliptic_curves.empty()) {
+        config.ssl_config.tls_elliptic_curves = server.tls_elliptic_curves;
      }
-      config.tls_alpn_protocols = server.tls_alpn_protocols;
-      config.tls_elliptic_curves = server.tls_elliptic_curves;

      turn_servers->push_back(config);
      break;
--- a/pc/iceserverparsing_unittest.cc
+++ b/pc/iceserverparsing_unittest.cc
@ -86,16 +86,16 @@ TEST_F(IceServerParsingTest, ParseStunPrefixes) {
  EXPECT_EQ(0U, stun_servers_.size());
  EXPECT_EQ(1U, turn_servers_.size());
  EXPECT_EQ(cricket::PROTO_TLS, turn_servers_[0].ports[0].proto);
-  EXPECT_TRUE(turn_servers_[0].tls_cert_policy ==
-              cricket::TlsCertPolicy::TLS_CERT_POLICY_SECURE);
+  EXPECT_TRUE(turn_servers_[0].ssl_config.tls_cert_policy ==
+              rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE);

  EXPECT_TRUE(ParseUrl(
      "turns:hostname", "username", "password",
      PeerConnectionInterface::TlsCertPolicy::kTlsCertPolicyInsecureNoCheck));
  EXPECT_EQ(0U, stun_servers_.size());
  EXPECT_EQ(1U, turn_servers_.size());
-  EXPECT_TRUE(turn_servers_[0].tls_cert_policy ==
-              cricket::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK);
+  EXPECT_TRUE(turn_servers_[0].ssl_config.tls_cert_policy ==
+              rtc::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK);
  EXPECT_EQ(cricket::PROTO_TLS, turn_servers_[0].ports[0].proto);

  // invalid prefixes